from rest_framework.permissions import BasePermission
from rest_framework.request import Request
from .models import User
class UserPermission(BasePermission):
    def has_permission(self, request, view):
        return True
    
    def has_object_permission(self, request:Request, view, obj):
        user:User=request.user
        if request._request.method.lower()=='get':
            return True
        if user.is_superuser or user==obj:
            return True
        return False